package com.dundun.SSO.core.shiro;

import com.dundun.SSO.core.util.MD5Util;
import com.dundun.SSO.manage.*;
import com.dundun.SSO.manage.pojo.SsoPermission;
import com.dundun.SSO.manage.pojo.SsoRole;
import com.dundun.SSO.manage.pojo.SsoUser;
import com.dundun.SSO.manage.pojo.SsoUserAccount;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.ArrayList;
import java.util.List;

/**********************************************************
 * 版权所有：搜影科技 保留所有权利
 * 创建日期: 2017/6/6 0006 10:24
 * 创建作者: gezhangkai
 * 版    本:
 * 功    能:
 * 最后修改时间:
 * 修改记录:
 ***********************************************************/
public class UserRealm extends AuthorizingRealm {
    @Autowired
    private ISsoUserAccountService userAccountService;

    @Autowired
    private ISsoUserService userService;

    @Autowired
    private ISsoRoleService ssoRoleService;

    @Autowired
    private ISsoPermissionService ssoPermissionService;

    @Autowired
    private ISsoUserAccountService ssoUserAccountService;
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        String currentUsername = (String)super.getAvailablePrincipal(principalCollection);
        List<String> roleList = new ArrayList<>();
      List<String> permissionList = new ArrayList<>();
      //从数据库中获取当前登录用户的详细信息
      SsoUserAccount ssoUserAccount = userAccountService.selectOneByUsername(currentUsername);
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
      if(null != ssoUserAccount){
          SsoUser ssoUser = new SsoUser();
          ssoUser.setAccount(ssoUserAccount.getAccount());
          ssoUser = userService.selectOne(ssoUser);
          List<SsoRole> ssoRoleList = ssoRoleService.selectAllRoleByUserId(ssoUser.getId());
          List<SsoPermission> ssoPermissionList = ssoPermissionService.selectAllPermissionByUserId(ssoUser.getId());
          ssoRoleList.stream().map(ssoRole->ssoRole.getName()).forEach(roleList::add);
          ssoPermissionList.stream().map(ssoPermission -> ssoPermission.getPermission()).forEach(permissionList::add);

          simpleAuthorizationInfo.addStringPermissions(permissionList);
          simpleAuthorizationInfo.addRoles(roleList);
      }else{
          throw new AuthorizationException();
      }
        return simpleAuthorizationInfo;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String username = (String) authenticationToken.getPrincipal();
        String password = new String((char[]) authenticationToken.getCredentials());
        // client无密认证
//        String upmsType = PropertiesFileUtil.getInstance("zheng-upms-client").get("upms.type");
//        if ("client".equals(upmsType)) {
//            return new SimpleAuthenticationInfo(username, password, getName());
//        }

        // 查询用户信息
        SsoUserAccount ssoUserAccount = ssoUserAccountService.selectOneByUsername(username);

        if (null == ssoUserAccount) {
            throw new UnknownAccountException();
        }
        if (!ssoUserAccount.getPassword().equals(MD5Util.MD5(password + ssoUserAccount.getSalt()))) {
            throw new IncorrectCredentialsException();
        }
        if (ssoUserAccount.getStatus() == 1) {
            throw new LockedAccountException();
        }

        return new SimpleAuthenticationInfo(username, password, getName());
    }
}
